package com.pingan.pastry.common.interceptor;

import com.pingan.pastry.entity.User;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.List;

@Component
public class PermissionInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("权限拦截器方法执行..");
        HttpSession session = request.getSession();
        String sessionId = session.getId();
        User user = (User) request.getSession().getAttribute(sessionId);
        List<String> permissions = user.getPermissions();
        if(permissions.contains(request.getRequestURI())){
            return true;
        }else {
            throw new Exception("接口越权");
        }
    }
}
